Trying to Display VM User Login and logout details in Log Analytics


Problem description

What are the steps to integrate user activity of a VM into Log Analytics in Azure, such as logon and logout of users for every 1 hour? Is it possible without OMS? I tried to create a custom log calling the Security.evtx file from the VM, but the raw data I am getting is not formatted. Please let me know the steps.

More detail: Trying to display VM user activity in Log Analytics.
I tried creating a custom log using C:\Windows\System32\winevt\Logs\Security.evtx, but the raw data in that column is in a non-understandable format.

Recommended answer

In order to gather events from the Security log for Windows servers, you will need to use Azure Security Center. Azure Security Center is a separate service (separate pricing) from Log Analytics, but it uses Log Analytics as the platform for storing security events. The security events are gathered when the Security & Audit solution (which is part of ASC) is enabled. Tip: There is no OMS anymore. See: https://cloudadministrator.net/2018/10/10/it-is-time-to-erase-oms-acronym-from-your-dictionary/

Mark this reply as answer if it has helped you.
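
Added example, not part of the original answer: once security events are being collected as described above, an hourly logon/logoff view can be built with a Log Analytics query. It assumes the events land in the workspace's `SecurityEvent` table with its standard columns; the sample rows and account names below are constructed.

```kusto
// Constructed sample rows so the query runs anywhere; in a workspace, replace
// the datatable with:  SecurityEvent | where TimeGenerated > ago(1d)
let Events = datatable(TimeGenerated:datetime, Computer:string, Account:string,
                       EventID:int, LogonType:int)
[
    datetime(2024-01-01 09:05:00), "vm01", "CONTOSO\\alice",      4624, 10,
    datetime(2024-01-01 09:06:10), "vm01", "CONTOSO\\svc-backup", 4624, 5,
    datetime(2024-01-01 09:40:00), "vm01", "CONTOSO\\alice",      4647, int(null),
    datetime(2024-01-01 09:40:02), "vm01", "CONTOSO\\alice",      4634, 10,
    datetime(2024-01-01 10:15:00), "vm01", "CONTOSO\\bob",        4624, 2,
    datetime(2024-01-01 10:20:00), "vm01", "CONTOSO\\bob",        4624, 3
];
Events
// 4624 = successful logon, 4634 = logoff, 4647 = user-initiated logoff
| where EventID in (4624, 4634, 4647)
// Keep interactive (2) and remote-interactive/RDP (10) sessions only, which
// drops service (5) and network (3) logons. 4647 carries no LogonType.
| where EventID == 4647 or LogonType in (2, 10)
| extend Action = case(EventID == 4624, "Logon",
                       EventID == 4634, "Logoff",
                       "UserInitiatedLogoff")
// One row per hour, VM, account and action
| summarize EventCount = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by Hour = bin(TimeGenerated, 1h), Computer, Account, Action
| order by Hour asc, Computer asc, Account asc
```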

